CyberChaff™ – Release Notes
CyberChaff 3.5 – June 8, 2018
CyberChaff 3.5.0 contains a new feature and several bug fixes.
- Added a powerful set of configuration options and command-line tools to capture incoming data.
- Audit socket handling; ensure all opened sockets are closed.
- ARP chatter used to require a redundant chaff node; refactored to remove that node and move its functionality to chaffd. This has the added benefit of ARP chatter working better across VLANs.
- Chaff nodes now Alert on half-initialized TCP connections
- When using Service Pass-Through, the destinationServiceName now shows “TCP Port Forward” instead of TCP_SCAN
- Added more debug info to console/journal when running in debug=true mode
- Added a wrapper script to systemd/upstart scripts that parses the default config for variables. Previously, advanced bridge usage required setting things like relay-bridge in both the chaff config and the systemd/upstart start/stop files.
CyberChaff 3.4 – March 21, 2018
CyberChaff 3.4.0 is a minor update that addresses a number of issues related to service pass-through capability and fidelity, and provides a few bug fixes.
CyberChaff 3.3 – January 29, 2018
CyberChaff 3.3.0 is an update that focuses on expanding support for VMware vSphere and fixes a number of issues.
- Added support for running CyberChaff in VMware vSphere running ESXi 6.x
- Added support for running CyberChaff on older Intel/AMD processors.
CyberChaff 3.2 – October 2, 2017
CyberChaff 3.2.0 is an update that improves upon the initial Amazon Web Services deployment support workflow as well as fixes a number of items.
- Internal improvements related to Amazon Web Services deployment.
- Node status reporting is enhanced for more detailed messages. See section 3.1.4 of the CyberChaff User’s Manual for details.
CyberChaff 3.1 – July 31, 2017
CyberChaff 3.1.0 is an update that includes initial Amazon Web Services deployment support and fixes a number of items.
- Beta release supporting deployment of CyberChaff nodes on Amazon Web Services.
- Added a means to override the automated creation of the internal messaging relay bridge.
- Fixed an issue with SSH and Prattle not working on non-Intel CPUs.
- Added a feature to log alerts locally if the configured Alert endpoint is not up. Logging to the Alert endpoint resumes when/if it comes back up.
CyberChaff 3.0 – June 12, 2017
CyberChaff 3.0.0 is a major release that incorporates many infrastructure changes, while keeping the main interface and user experience the same for existing users. While the core changes were to code internals, build/release process and tools, there are also a number of new features and bug fixes:
- Added support for over 3,500 different OS fingerprints. Run chaff list fingerprints to see the standard list of fingerprints; run chaff list fingerprints --recursive (or look in /etc/chaff/prints/ALL) to see the full list.
- Enhanced Alert logging. CyberChaff alerts used to transmit over the common bridge (br0 by default), which made it difficult to get alerts back to SIEMs when dealing with VLANs, firewalls, etc. By default, CyberChaff nodes now communicate via a managed and dedicated communications channel with chaffd. This new behavior is fully configurable, but includes sane defaults so that complicated, VLAN- and firewall-heavy networks can send/receive Alerts just as easily as simple networks. See the relay-bridge topics in the CyberChaff documentation and in /etc/chaff/config for advanced configuration options.
- Added ability to filter alerts by IP. Suppress generation of Alerts for specific IP addresses in the chaffd config file.
- Enhanced Documentation. We’ve documented all the configuration variables both in /etc/chaff/config and in detail in the CyberChaff documentation PDF. We’ve also included a number of scripts that allow you to use CyberChaff to quickly create common network environments; see the scripts in /usr/share/cyber-chaff.
- Broader OS Support. Our RPM is no longer tied to a specific Fedora or CentOS release, and instead can be run on any RPM-based 64-bit Linux distro.
CyberChaff 2.11.0 – Mar 13, 2017
CyberChaff 2.11.0 is a minor update that addresses DHCP interoperability and static IP handling issues.
CyberChaff 2.10.0 – Jan 17, 2017
CyberChaff 2.10.0 is an update that includes improved capabilities in handling of alerts.
- Syslog alerts are now sent via syslog from DOM0, enabling CyberChaff nodes to reside on many production VLANs, while all syslog traffic may be sent over a separate management VLAN
- Improved stability when sending very large quantities of syslog traffic over TCP
CyberChaff 2.9.0 – Dec 16, 2016
CyberChaff 2.9.1 is a minor update that fixes a number of items.
- Nodes auto restart if they crash
- Improved DHCP interoperability
CyberChaff 2.8.1 – Oct 24, 2016
CyberChaff 2.8.1 is a significant release that incorporates numerous integration features, as well as performance and bug fixes.
- Ability to send syslog alerts over TCP (in addition to UDP)
- Send alerts in JSON format that can be mapped to Splunk CIM
- Provide Ansible Playbook to allow users to remotely run any chaff command
- Support for Ubuntu (for DOM0 management OS) packages